[389-users] 389 certificate issues...
Chandrasekar Kannan
ckannan at redhat.com
Sat Oct 3 01:09:40 UTC 2009
On 10/02/2009 05:30 PM, Marc Sauton wrote:
> Trey Sheldon wrote:
>> Hello all,
>>
>> I've been evaluating and prepping to deploy 389 for a couple months
>> now and while working on my final deployment I've run into a snag...
>>
>> I created two servers and successfully enabled SSL on them. I'm
>> attempting to create a third using the exact same procedure and can't
>> seem to get SSL enabled.
>>
>> I used the admin-gui to install the request / install the certs and
>> roots.
>>
>> ##WORKING
>> # certutil -L -d .
>> Certificate Nickname                 Trust Attributes
>>                                      SSL,S/MIME,JAR/XPI
>>
>> Metaweb Root Certificate             CT,,
>> Metaweb Host Root Certificate        CT,,
>> server-cert                          u,u,u
>>
>> # certutil -L -d . -n server-cert
>> Certificate:
>>     Data:
>>         Version: 3 (0x2)
>>         Serial Number: 88 (0x58)
>>         Signature Algorithm: PKCS #1 MD5 With RSA Encryption
>>         Issuer: ........ <full certificate>
>>
>> ## NOT WORKING
>> # certutil -L -d .
>> Certificate Nickname                 Trust Attributes
>>                                      SSL,S/MIME,JAR/XPI
>>
>> Metaweb Root Certificate             CT,,
>> Metaweb Host Root Certificate        CT,,
>> server-cert                          u,u,u
>>
>> # certutil -L -d . -n server-cert
>> certutil: Could not find: server-cert
>> : security library: bad database.
>>
> It means the nick-name provided to certutil does not exist in the NSS db.
certutil -X -d . (might help as it tries to open the db in write mode)...
> Aside from cert8.db, key3.db, secmod.db files and directory permissions,
> reading the 2 root certificates from this specific NSS db directory
> for a sanity check, is it possible the string "server-cert" that you
> expect for the nickname was stored with some extra spaces appended to
> it?...
> Is the cert visible in the console?
> Any specific errors in the console when you try to install the cert or
> enable SSL?
>>
>> These systems are automatically deployed and configured and should
>> have identical package revisions and configurations. I'm at a blank
>> as to what is causing the problem. Any insight that people have would
>> be *greatly* appreciated.
>>
>> Sincerely,
>> Trey Sheldon
>>
>> --
>> 389 users mailing list
>> 389-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users